Steve Gibson of GRC.com has created yet another masterpiece of technology. His “Off the Grid” paper-based password generation system is amazing and once printed out, amazingly low-tech, even to the point of being effectively no-tech, as it requires only a piece of paper with the specially generated and one-of-a-kind grid printed on it (I would suggest laminating it with something that is friendly to dry-erase or erasable markers/highlighters). You trace out the path of, to use his example, ‘amazon’ to shorten the URL of amazon.com, using a finger, or something else convenient and which won’t mark-up your grid (thus my suggestion of laminating it).

Here’s one of the unique grids that his system generates:

One of a monstrously huge number of possible grids

Now, seeing that somewhat daunting image above, you’re probably thinking “How the hell do I use that?”. I know at first-glance it is daunting. But, if you follow the directions given HERE (I can’t give clearer instructions than the guy who invented it, so I am not going to try), you’ll pick it up quickly. Go ahead, I’ll wait 🙂

Now that that’s done… You DID go and look at that site, right?… We can go through and look at what happens when we take ‘amazon’ as an example on the grid above.

First, we go across the top set of blue letters and look for the ‘a’ (note that we’re ignoring the letter’s case, for now), finding that, we go vertically to the letter ‘m’, then horizontally to another letter ‘a’, then vertically to the ‘z’, horizontally to ‘o’, then lastly, vertically to ‘n’. No changes here so far, right? Right.

Here’s what we have so far:

What we have so far.

Next, we’ll go through and spell out ‘amazon’ again, also ignoring case, but paying attention to the case of the letters that we capture after we find our key letters. For example:

The encryption path, not including 'overshoot'.

Now, what you see above is not including what Steve refers to as ‘overshoot’ zones. These are the ‘key’ (probably a pun intended there) to the encryption process that he recommends. I’ll show those below:

Grid with both paths, and overshoot for encryption.

Now here’s the fun part. Based on what we have done so far, by pathing this out as we have, is we’ve developed a key for ‘amazon’. What is the key? Follow with me through the grid above, along the green path, pay attention to how the overshoot is read, it’s read according to what you cross first for each one. For example the first ‘a’ in ‘amazon’ has the letters ‘vh’ after it, and read in the order of encounter… I’ll explain further in the next step.

Continuing on to the letter ‘m’ in the green path we see the letters ‘dI’ following it, again note the order that we read those, it’s important for later where I add to this scheme.

Now, if you keep going and following the green path and reading the overshoot letters properly, you’ll get the following results: ‘vhdIKWMpFRLr’. I’ll break that into pairs for you: ‘vh-dI-KW-Mp-FR-Lr’.

Now, using just what we’ve done so far, you already have a very strong encrypted password for use on amazon.com.

What I’ll be presenting from here on is an additional layer to that encryption scheme, using the password that we just generated as the key to that. We can use this additional layer as ‘salt’ for the password, or as a kind of substitution code for the password that we have already.

Here’s how what I have in mind works:

Take each pair of letters as broken down above as a set of coordinates. For example, we’ll take ‘vh’ as the first set, since that is what it is. Then we plot those coordinates using the first row of blue letters on the grid as the X axis, and the first column of blue letters on the grid as the Y axis. We should get the following:

I’ll post each path result separately, so that you can follow my logic and reasoning for this idea. Be ready for a lot more images: 🙂

Grid with vh coordinates plotted.

As a result of plotting out ‘vh’ on the grid above, we get the letter “Q” as the output. Write that down below where you have ‘vh’ written on your paper, if you do.

Now, let’s do the same with the next set ‘dI’:

dI coords plotted out.

Note that for our purposes, the initial coordinates are ignored as to case, this is ok, since the 26×26 grid can’t cover both upper and lower case. We DO want to maintain case sensitivity if using the password as-is without these additional steps. We also want to keep them case-sensitive when using with these additional steps when we go to finally add the ‘salt’, which we’re in the process of generating, to them.

Now, I’ll go ahead and give you the remaining grids, next is KW:

Grid with KW coords plotted.

Now for Mp:

Grid with Mp coords plotted.

Next is FR:

Grid with FR coords plotted.

Finally, we have Lr:

Grid with Lr plotted.

Now that we have all the letters that we need, we need to do something with them…

Remember the password that you originally generated using the grid? No? Well, here it is again: “vh-dI-KW-Mp-FR-Lr”, also we have the results of our salt generation using the password as a set of coordinates: “Qyqcnp”.

What can we do with the salt? We can append it to our password: ‘vhdIKWMpFRLrQyqcnp’

We can replace every other letter of the password with a letter from the salt, to further obfuscate the password we originally generated: ‘vh-dI-KW-Mp-FR-Lr’ becomes ‘vQ-dy-Kq-Mc-Fn-Lp’.

We can try any number of other alternatives, which I leave to you to discover.

Thank you for reading this and I look forward to any feedback on this little variant I have on Steve Gibson’s amazing ‘Off the Grid’ paper password generation system.

Ok. For quite some time, you lost me at step one. But fear not, i persevered, had a tea and smoke break, then persevered some more. I now understand the original bit, and further more, i understand your varient. (that’s an hour of my life i aint getting back).

When I need to create a password I choose a well know saying or phrase, or one of my own, and use the first letter of each of the words, or sometimes the last letter. Sometimes if i’m feeling extra cheeky, i may use both. 😉 Genious huh?

I’m glad to see that you had a go at it and figured it out. I hope that others will do the same, and will also find it useful. I admit that it’s a bit of extra work, but I’ll also bet that it’s somewhat more secure than the original version, and has the side-effect of further obfuscating the generated password, and the original grid structure.

So, hopefully this method will provide additional security and allow one to use Steve’s grid without fear of excess ‘structure leakage’ due to using parts of the grid itself as the password contents.

I’ve had a bit more of a think about this, it was bugging me that i’ve missed the point. So…. this is for people who cant remember passwords and the places they are used for and feel the need to write them down or something. is this correct?

The part of this i understand the most is your varient. I can clearly see the flaw in the original method.. someone trying to crack a password that has been generated using this, if they know about the grid (which those types of people will no doubt), have the solution right there infront of them. more or less. With your varient, and the different ways that it can be used, or a different varient, it is secure. without it, not so much.

Read that, and play around with generating different grids. That should help you to understand why the grid as described prior to my initial variant is actually very secure. I’m simply trying to add another layer to it by adding my idea to the end of it. It’s all very secure, my idea simply helps to reduce the exposure of the grid’s structure to only one letter at a time. That kind of information is all but useless to someone who tries to crack the grid’s layout based on the password and the domain for which the password is generated. It provides no context.

Ah yes. So everyone makes their own personal grid, therefore all passwords created for the same word eg. amazon, are unique to them. Thats so blindingly obvious to me now, i must not have being paying proper attention. (i was very tired, but that’s no excuse for that level of dumbness. the shame of it)!
I see what you are saying about the added layer. Clever stuff.

Not truly a “salt” I don’t think. What I know about cryptography, the more data, the easier it is to figure out the cipher, which is what OTG is. Would larger passwords from multiple places make a practical negative difference in crackability? Doubtful, but the benefit I don’t think is worth it. I think a better salt may be your favourite word, just for simplicity’s sake. But that would indeed make decryption easier in the way I mentioned. That is why I suppose you had this idea.

I like the OTG since it is as easy as printing bingo cards to distribute to an organization, and is simple that a child could learn it. Thanks for turning me on to it.

Salt, in the sense of cryptography is pretty much anything that is added to help obfuscate the item being encrypted. Adding additional entropy to a password does count as salt, and additional password length, where supported, is always better than a shorter password. Almost anyone will tell you that adding a known ‘word’ to a password, if that password is already a ‘word’, will not prevent that password from being vulnerable to a ‘dictionary’ style of attack. Therein lies the reason and motivation of Steve Gibson creating the Off The Grid ‘technology’. I’ll let the page itself do the explaining, as Steve is better at that than I am.

Right, you linked to the OTG in this post.. and the haystack I’ve come across and shared before.

Thanks for a better explanation of salt. I was thinking if it served to use the same cypher then it might theoretically backfire. I dunno.

Anyhow, I was thinking about a call center I used to work in… losts of passwords for multiple systems for multiple people. The biggest immediate downside that I see is if someone happened to use a word, and the password didn’t qualify for some of the password rules (at least one capital, numeric, non-alphanumeric, etc.) by a fluke.

So, say you have a supervisor… Would it be “safe” to allow them to keep a copy of your OTG cipher in case it got lost by the individual.. or even “safer” to not allow agents to exit the buildings with them in the first place? (keeping them with the supervisors) Just trying to figure out how it might work and you could convince management to use a scheme like this, because that is a situation where I think it is needed quite a bit.

You know, I can actually see something like that working very well in a call center, with a few caveats: I’d strongly emphasize that the supervisor keep the cards under strong lock and key, and to make sure that no copies are made or otherwise compromised (unless in active use). Although if that does happen, it’s a simple matter to regenerate a new set of cards, change the passwords and go on from there. It would also be good to remember how the originals came to be compromised, and not allow that to happen again (i.e. to take measures to prevent it from happening again).

I’m confused how do you work the second step of this system if the first character and the sixth character are the same. I noticed this when trying to create a password with this system for the website radioreference.com. radior leaves the last ‘r’ stuck because no line or column has the letter more than once and it can’t start over at the beginning.

Re-read the instructions on the website. Whenever you’ve gotten your next letter, change from going from vertical (for example) to going horizontally, then continue looking for letters, alternating for each letter as you go.

When the domain name contains twin letters (eg. letters.com, pure example, I don’t even know if that domain exists) the OTG system fails: there is no other ‘t’, neither vertically nor horizontally to reach when the first ‘t’ has been processed 🙁

I would add punctuation/numbers characters from the edge as follows:
Pick up the grey symbol at the edge pointed to by the letter pair:
vh 0 dI 8 KW 0 Mp & FR 9 Lr ,
This adds more entropy and makes the password compliant to Upper-Lower-Number-Punctuation enforcement rules.

It might do that, but there’s also a chance that it will leak more of the grid’s pattern/structure (check Steve’s website for info on that) when attempting to hack the password,and when trying to determine the source grid (if someone knows, by whatever means, the the source of the password was a grid like this one.) I haven’t looked into it, but I like your idea, with the previously mentioned caveat. It would still take many, many attempts, and many passwords generated from the same grid to even have a remote chance of guessing the grid, but there’s still the possibility, however remote.